Crystal Ball Gazing for 2017

This is the time of the year when everyone writes either a year-in-review article or a what’s-coming-in-the-new-year post.  Guess which one this is?  I’ve been reading the pundits, and considering my own findings as a cybersecurity professional.  I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in 2017 may be mitigated by advances from several security software companies in creating products to detect and stop malicious encryption of files.
  • If crypto-ransomware stops being a money-maker for cyber-criminal gangs, expect to see an increase in “business email compromise” exploits.
  • Phishing will continue to be the top access exploit method as attackers get more targeted and sophisticated in their approach.
  • Identity theft will continue to be a problem, as the number of data breaches continues to increase.
  • There will be an increasing use of encryption not just for data in transit, but also for records at rest in servers, NAS, SANs and other storage locations.
  • There will be an increase in the number and power of bot-nets utilizing insecure IoT devices for exploits such as distributed denial-of-service (DDoS) attacks.
  • More companies will purchase cyber-insurance, and some companies will find themselves mandated to do so by a regulatory agency or business partner.
  • If your company is part of a larger company’s supply chain, expect requirements from them about creating a cybersecurity program.
  • If your company develops software, your clients will require that security be designed in from the start.  DevOpsSec will become part of your development environment.
  • While traditional perimeter and endpoint defenses will continue, expect to see activity around “mid-point” or internal network security that includes traffic monitoring, behavior analysis, and anomaly detection.
  • Increased activity by nation states in cyber-war attacks.  Some of these campaigns will have adverse effects on businesses and civilians.
  • President-elect Trump appears to favor stronger cybersecurity efforts, which may translate into less privacy and more government intrusion.  Or it may mean more funding for Cyber Command and the NSA.

These are issues that you can count on encountering in the new year.  Plan accordingly.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
